Sujet Précédent Sujet Suivant

Mon pc est -il infecté ?

Fermé
fhme - 4 juil. 2007 à 06:31
 fhme - 15 juil. 2007 à 09:00
Bonjour,

Depuis un moment, il arrive que le navigateur "firefox" pour moi, se ferme et j'ai un message d'erreur dans une fenetre qui s'ouvre en bas à droite, me demandant d'installer un logiciel de nettoyage : DriverCleaner. j'ai essayé de faire du nettoyage avec les logiciel que j'ai (ad-aware, ccleaner, spybot, squared, easycleaner, SmitfraudFix, atf-cleaner en plus j'utilise le firewall sygate).. en vain ! le message revient de temps en temps !
J'ai pris le risque d'accepter l'installation du logiciel mais avast l'a détecté !

Voici le message exactement comme il apparait :
[
Notice : Votre ordinateur garde des traces des tous les sites pour les adultes
que vous avez visité.
Pour la plupart des cas vous même savez pas des fichiers qui se sont installés
eux-mêmes, violent votre avctivité en ligne et peuvent compromettre votre mariage.
Ces dossiers laissent des traces de votre activité en ligne et même exposent
au danger la sécurité de votre carte bancaire. IL est possible d'éliminer toutes
les traces des enregistrements temporaires et historiques de votre ordinateur.

Voulez-vous installer le logiciel DriverCleaner pour analyser votre ordinateur
gratuitement ?

Le logiciel est à cet adresse :
http://fr.drivecleaner.com/.freeware/index.php?ad=regionto_rdt_ed2&link=intl&aff=&a=0&p=20&ex=1&hv=&ap=&w=&j=
]

pouvez-vous m'aider à trouver une solution ?
A voir également:

7 réponses

Réponse 1 / 7
Utilisateur anonyme
5 juil. 2007 à 07:17
Bonjour

Télécharge ComboScan sur ton Bureau.
---> http://www.techsupportforum.com/sectools/Deckard/dss.exe

Ferme toutes les applications en cours ; antivirus, pare-feu, etc ..
Double-clic sur comboscan.exe A la fenêtre qui s'affiche, clic sur OK.
Soit patient ..
Le rapport dss.txt s'affichera, copie et colle le contenu de ce fichier ici.

Attention, il peut avoir deux, trois rapports mets les tous ici stp
1
fhme
5 juil. 2007 à 10:27
Bonjour, merci de me répondre,

J'ai effectué la procédure, voici le rapport, y'en a qu'un :
___________________________________________________
Deckard's System Scanner v20070611.50
Run by helali on 2007-07-05 at 10:21:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as helali.exe) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:21:32, on 05/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\PROGRA~1\WANADOO\CnxMon.exe
C:\PROGRA~1\WANADOO\TaskbarIcon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0\Monitor.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint2K\Apntex.exe
c:\program files\a-squared free\a2service.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\helali\Bureau\dss.exe
C:\HIJACK~1\helali.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\WANADOO\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0\Monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe


-- Files created between 2007-06-05 and 2007-07-05 -----------------------------

2007-07-05 08:28:11 0 dr-h----- C:\Documents and Settings\helali\Recent
2007-06-15 18:37:12 0 d-------- C:\Documents and Settings\helali\Application Data\Uniblue
2007-06-15 03:54:16 0 d-------- C:\Program Files\Viewpoint
2007-06-15 03:46:37 0 d-------- C:\Program Files\Netscape


-- Find3M Report ---------------------------------------------------------------

2007-07-01 14:48:48 0 d-------- C:\Program Files\a-squared Free
2007-06-30 23:38:18 0 d-------- C:\Program Files\eMule
2007-06-29 11:33:41 3090 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-23 19:03:47 0 d-------- C:\Documents and Settings\helali\Application Data\Skype
2007-06-21 18:23:11 0 d-------- C:\Program Files\Fichiers communs
2007-06-15 03:55:03 0 d-------- C:\Documents and Settings\helali\Application Data\Mozilla
2007-06-15 03:54:59 335 --a------ C:\WINDOWS\nsreg.dat
2007-06-15 03:54:27 12283 --a------ C:\WINDOWS\mozver.dat
2007-06-13 01:42:59 0 d-------- C:\Program Files\Fichiers communs\System
2007-06-02 12:29:59 0 d-------- C:\Program Files\Windows Live Toolbar
2007-05-16 18:42:35 0 d-------- C:\Program Files\netbeans-5.5
2007-05-16 18:26:29 0 d-------- C:\Program Files\Java
2007-05-15 22:35:52 0 d-------- C:\Documents and Settings\helali\Application Data\AdobeUM
2007-05-15 22:34:41 0 d-------- C:\Program Files\Fichiers communs\Adobe
2007-05-12 05:57:14 512954 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-05-12 05:57:13 94408 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-05-10 07:59:28 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-09 13:54:01 0 d-------- C:\Program Files\Lavalys
2007-04-23 07:44:23 30856 --a------ C:\Documents and Settings\helali\Application Data\GDIPFONTCACHEV1.DAT


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\Windows Live Toolbar\msntb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
"nwiz"="nwiz.exe /installquiet"
"00THotkey"="C:\\WINDOWS\\System32\\00THotkey.exe"
"000StTHK"="000StTHK.exe"
"Tpwrtray"="TPWRTRAY.EXE"
"TFncKy"="TFncKy.exe /Type 20"
"TosHKCW.exe"="\"C:\\Program Files\\TOSHIBA\\Wireless Hotkey\\TosHKCW.exe\""
"TFNF5"="TFNF5.exe"
"Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe"
"TouchED"="C:\\Program Files\\TOSHIBA\\TouchED\\TouchED.Exe"
"WooCnxMon"="C:\\PROGRA~1\\WANADOO\\CnxMon.exe"
"WOOWATCH"="C:\\PROGRA~1\\WANADOO\\Watch.exe"
"WOOTASKBARICON"="C:\\PROGRA~1\\WANADOO\\TaskbarIcon.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"Ulead Memory Card Detector"="C:\\Program Files\\Ulead Systems\\Ulead Photo Explorer 8.0\\Monitor.exe"
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- End of Deckard's System Scanner: finished at 2007-07-05 at 10:21:56 ---------


___________________________________________________
0
Réponse 2 / 7
Utilisateur anonyme
5 juil. 2007 à 17:28
¤ Fais un clic droit sur ce lien :Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip

Fais un clic droit sur navilog1.zip et choisis "tout extraire"
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).

Laisse-toi guider. Au menu principal choisis F, ensuite choisis 1 et valides.
(ne fais pas le choix 2,3 ou 4 sansmon avis)

Patiente jusqu'au message :
*** Analyse Termine le ..... ***

Appuie sur une touche comme demandé, le bloc-note va s'ouvrir.
Copie-colle l'intégralité dans un nouveau message
Le rapport est aussi sauvegardé à la racine du disque (fixnavi.txt)
0
Réponse 3 / 7
fhme
8 juil. 2007 à 00:07
Voici le message de navilog1 :
_______________________________________________________________________________________

Search Navipromo version 2.0.5 commencé le 07/07/2007 à 23:42:49,04

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 01.07.2007 a 12h00 by IL-MAFIOSO

Executé en mode normal

*** Recherche Programmes installes ***




*** Recherche dossiers dans C:\WINDOWS ***




*** Recherche dossiers dans C:\Program Files ***




*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\xxx\Application Data ***



*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
https://www.f-secure.com/en


F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================

Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of October, 2007.
Version information: 2.2.1064.

[+] Started on 07/07/07 at 23:42:51.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items .....................................................................................................................................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 07/07/07 at 23:59:36 (return code = 0).


*** Recherche fichiers ***




*** Recherche cles registre ***


Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]



Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]



Recherche Clé Magic Control



*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:


2)Recherche Heuristique :
*
**
***
****
*****
******
*******
********

3)Recherche Certificats :


*** Analyse Terminé le 08/07/2007 à 0:00:01,15 ***

_______________________________________________________________________________________
__________________________________________________
0
Réponse 4 / 7
Utilisateur anonyme
8 juil. 2007 à 00:12
Garde Navilog de côté pour le moment


¤ Télécharge ce programme puis double clic dessus (ferme ton antivirus s'il te détecte quoi que ce soit)
http://www.suspectfile.com/systemscan/

* Coche uniquement ces cases, décoche tout le reste :

- Recent Files, 60 days
- Registry Run Key
- Hidden objects
- suspucious files

Puis clic sur scan now, soit patient.
Une fois qu'il aura terminé, un rapport va s'ouvrir, copie et colle son contenu ici et vérifie qu'il soit bien en entier, si besoin crée deux messages.
0
fhme
8 juil. 2007 à 11:02
et voici la suite du rapport :
_________________________________________________________________________________________

-----Comparing registry keys CCS1 vs CCS2 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswTdi\Parameters ProviderStart REG_DWORD 3 (0x3)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\aswTdi\Parameters ProviderStart REG_DWORD 1 (0x1)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {B8A62DE1-C911-47C2-AB37-1E57060C3B45} REG_BINARY 0F00000000000000000000000000000038A09046F900000000000000000000000000000038A090460100000000000000000000000000000038A090462B00000000000000000000000000000038A090462C00000000000000000000000000000038A090460600000000000000000000000000000038A09046
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Dhcp\Parameters {B8A62DE1-C911-47C2-AB37-1E57060C3B45} REG_BINARY 0F0000000000000000000000000000005C809046F90000000000000000000000000000005C809046010000000000000000000000000000005C8090462B0000000000000000000000000000005C8090462C0000000000000000000000000000005C809046060000000000000000000000000000005C809046
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\DS
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\LSA
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\NetDDE Object
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\SC Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security Account Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Spooler
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\MRxDAV\EncryptedDirectories
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\mssmbios\Data
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Epoch Epoch REG_DWORD 9465 (0x24F9)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\SharedAccess\Epoch Epoch REG_DWORD 9452 (0x24EC)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\YAMAHA\Driver\ACXGWDM\Status PowerStatus REG_DWORD 3 (0x3)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\YAMAHA\Driver\ACXGWDM\Status PowerStatus REG_DWORD 0 (0x0)

Result compared: Different


-----Comparing registry keys CCS1 vs CCS3 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services

Result compared: Identical


===================== Hidden Objects =====================


SCAN ABORTED: an unknown error has occurred. Please check Rootkit presence with another tool

===================== Checking Rustock rootkit =====================



===================== Checking Suspicious files =====================
EXE and DLL files packed with runtime packers, found in: C:\; C:\WINDOWS\; C:\WINDOWS\system32\

C:\WINDOWS\system32\yv12vfw.dll --> is compressed with UPX

==========================================
Scan completed in 3,1 minutes
End of report

_________________________________________________________________________________________
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 7
fhme
8 juil. 2007 à 10:58
Bonjour,
Voici le rapport :
_______________________________________________________________________________________

SystemScan - www.suspectfile.com - ver. 3.2.0

Running on: Windows XP HOME Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS

Date: 08/07/2007
Time: 10:51:27

Output limited to:
-Recent files
-Registry Run Keys
-Hidden objects
-Suspicious Files

===================== Recent files (60 days old)=====================

----- recent files in C:\
11/05/2007 12:31:37 795648 byte 58 days old -- CV Fadhel HELALI.doc
16/05/2007 07:33:45 (DIR) 0 byte 53 days old -- javadb
16/05/2007 17:41:34 370328 byte 53 days old -- jdk-6u1-windows-i586-p-iftw.exe
16/05/2007 18:29:16 (DIR) 0 byte 53 days old -- commons ++
22/05/2007 07:19:10 50688 byte 47 days old -- curriculum vitae.doc
31/05/2007 15:00:18 (DIR) 0 byte 38 days old -- I386
04/06/2007 08:56:59 30503 byte 34 days old -- YServer.txt
14/06/2007 19:10:40 53 byte 24 days old -- exemple-fwrite.log
15/06/2007 19:41:40 216 byte 23 days old -- boot.ini
22/06/2007 15:36:27 (DIR) 0 byte 16 days old -- cv
29/06/2007 11:43:00 1040 byte 9 days old -- rapport.txt
01/07/2007 01:45:34 (DIR) 0 byte 7 days old -- web-site
05/07/2007 10:10:00 (DIR) 0 byte 3 days old -- Deckard
05/07/2007 10:21:31 (DIR) 0 byte 3 days old -- hijackthis
07/07/2007 23:11:44 (DIR) 0 byte 1 days old -- WINDOWS
07/07/2007 23:40:37 (DIR) 0 byte 1 days old -- Program Files
07/07/2007 23:42:49 8787 byte 1 days old -- unpffc03.txt
08/07/2007 00:00:01 2160 byte 0 days old -- fixnavi.txt
08/07/2007 10:00:23 402653184 byte 0 days old -- pagefile.sys
08/07/2007 10:51:27 (DIR) 0 byte 0 days old -- suspectfile

----- recent files in C:\WINDOWS\
10/05/2007 07:57:29 (DIR) 0 byte 59 days old -- $NtUninstallKB930916$
23/05/2007 09:11:20 (DIR) 0 byte 46 days old -- $NtUninstallKB927891$
29/05/2007 05:54:53 557 byte 40 days old -- ODBC.INI
31/05/2007 15:00:18 (DIR) 0 byte 38 days old -- $NtServicePackUninstall$
31/05/2007 19:32:24 (DIR) 0 byte 38 days old -- Help
02/06/2007 12:31:50 (DIR) 0 byte 36 days old -- Installer
07/06/2007 14:29:28 51 byte 31 days old -- yesmessenger.ini
13/06/2007 01:24:17 (DIR) 0 byte 25 days old -- $hf_mig$
13/06/2007 01:33:27 (DIR) 0 byte 25 days old -- ie7updates
13/06/2007 01:36:18 (DIR) 0 byte 25 days old -- $NtUninstallKB935839$
13/06/2007 01:42:23 (DIR) 0 byte 25 days old -- $NtUninstallKB935840$
13/06/2007 01:42:50 (DIR) 0 byte 25 days old -- $NtUninstallKB929123$
13/06/2007 01:43:24 (DIR) 0 byte 25 days old -- inf
13/06/2007 02:02:44 (DIR) 0 byte 25 days old -- Debug
15/06/2007 03:54:27 12283 byte 23 days old -- mozver.dat
15/06/2007 03:54:59 335 byte 23 days old -- nsreg.dat
15/06/2007 04:02:32 121 byte 23 days old -- Winamp.ini
15/06/2007 18:36:14 (DIR) 0 byte 23 days old -- Tasks
15/06/2007 18:47:07 (DIR) 0 byte 23 days old -- pss
15/06/2007 19:41:40 227 byte 23 days old -- system.ini
15/06/2007 19:41:40 664 byte 23 days old -- win.ini
17/06/2007 10:12:04 (DIR) 0 byte 21 days old -- BDOSCAN8
05/07/2007 10:10:51 (DIR) 0 byte 3 days old -- ERDNT
05/07/2007 10:12:14 (DIR) 0 byte 3 days old -- Downloaded Program Files
07/07/2007 23:42:05 (DIR) 0 byte 1 days old -- system32
08/07/2007 08:23:24 32382 byte 0 days old -- SchedLgU.Txt
08/07/2007 10:00:27 2048 byte 0 days old -- bootstat.dat
08/07/2007 10:00:31 0 byte 0 days old -- 0.log
08/07/2007 10:00:54 50 byte 0 days old -- wiaservc.log
08/07/2007 10:00:56 159 byte 0 days old -- wiadebug.log
08/07/2007 10:29:30 1251245 byte 0 days old -- WindowsUpdate.log
08/07/2007 10:30:32 (DIR) 0 byte 0 days old -- Temp
08/07/2007 10:50:40 (DIR) 0 byte 0 days old -- Prefetch

----- recent files in C:\WINDOWS\Downloaded Program Files\

----- recent files in C:\WINDOWS\system\

----- recent files in C:\WINDOWS\system32\
12/05/2007 05:57:12 1136286 byte 57 days old -- PerfStringBackup.INI
12/05/2007 05:57:13 76436 byte 57 days old -- perfc009.dat
12/05/2007 05:57:13 94408 byte 57 days old -- perfc00C.dat
12/05/2007 05:57:13 439202 byte 57 days old -- perfh009.dat
12/05/2007 05:57:14 512954 byte 57 days old -- perfh00C.dat
16/05/2007 17:13:53 683520 byte 53 days old -- inetcomm.dll
16/05/2007 18:26:29 3846 byte 53 days old -- jupdate-1.6.0_01-b06.log
31/05/2007 19:32:13 (DIR) 0 byte 38 days old -- SoftwareDistribution
06/06/2007 08:38:41 15747032 byte 32 days old -- MRT.exe
09/06/2007 16:43:55 (DIR) 0 byte 29 days old -- Microsoft
13/06/2007 01:43:04 (DIR) 0 byte 25 days old -- dllcache
15/06/2007 04:03:51 (DIR) 0 byte 23 days old -- drivers
29/06/2007 11:33:41 3090 byte 9 days old -- tmp.reg
29/06/2007 11:33:41 0 byte 9 days old -- tmp.txt
04/07/2007 06:40:08 3121 byte 4 days old -- CONFIG.NT
05/07/2007 10:12:13 (DIR) 0 byte 3 days old -- CatRoot2
08/07/2007 10:01:05 1158 byte 0 days old -- wpa.dbl

----- recent files in C:\WINDOWS\system32\drivers\

----- recent files in C:\WINDOWS\temp\
05/07/2007 22:45:02 16384 byte 3 days old -- Perflib_Perfdata_630.dat
06/07/2007 07:20:56 16384 byte 2 days old -- Perflib_Perfdata_5fc.dat
07/07/2007 13:36:14 16384 byte 1 days old -- Perflib_Perfdata_614.dat
08/07/2007 10:00:31 255 byte 0 days old -- WGAErrLog.txt
08/07/2007 10:00:42 16384 byte 0 days old -- Perflib_Perfdata_604.dat
08/07/2007 10:01:15 409 byte 0 days old -- WGANotify.settings
08/07/2007 10:44:21 (DIR) 0 byte 0 days old -- _avast4_

----- recent files in C:\Program Files\
10/05/2007 07:59:28 (DIR) 0 byte 59 days old -- Microsoft CAPICOM 2.1.0.2
16/05/2007 18:26:29 (DIR) 0 byte 53 days old -- Java
16/05/2007 18:42:35 (DIR) 0 byte 53 days old -- netbeans-5.5
30/05/2007 23:39:53 (DIR) 0 byte 39 days old -- Spybot - Search & Destroy
01/06/2007 18:50:10 (DIR) 0 byte 37 days old -- WinRAR
02/06/2007 12:29:59 (DIR) 0 byte 36 days old -- Windows Live Toolbar
05/06/2007 20:49:25 (DIR) 0 byte 33 days old -- Mozilla Firefox
13/06/2007 01:34:18 (DIR) 0 byte 25 days old -- Internet Explorer
13/06/2007 01:43:01 (DIR) 0 byte 25 days old -- Outlook Express
15/06/2007 03:46:37 (DIR) 0 byte 23 days old -- Netscape
15/06/2007 03:54:18 (DIR) 0 byte 23 days old -- Viewpoint
21/06/2007 18:23:11 (DIR) 0 byte 17 days old -- Fichiers communs
30/06/2007 23:38:18 (DIR) 0 byte 8 days old -- eMule
01/07/2007 14:48:48 (DIR) 0 byte 7 days old -- a-squared Free
07/07/2007 23:59:36 (DIR) 0 byte 1 days old -- Navilog1

----- recent files in C:\Program Files\Fichiers communs\
15/05/2007 22:34:41 (DIR) 0 byte 54 days old -- Adobe
13/06/2007 01:42:59 (DIR) 0 byte 25 days old -- System

----- recent files in C:\Documents and Settings\helali\Application Data\
15/05/2007 22:35:52 (DIR) 0 byte 54 days old -- AdobeUM
06/06/2007 10:19:08 (DIR) 0 byte 32 days old -- Microsoft
15/06/2007 03:55:03 (DIR) 0 byte 23 days old -- Mozilla
15/06/2007 18:42:55 (DIR) 0 byte 23 days old -- Uniblue
23/06/2007 19:03:47 (DIR) 0 byte 15 days old -- Skype

----- recent files in C:\DOCUME~1\helali\LOCALS~1\Temp\
07/07/2007 18:47:58 (DIR) 0 byte 1 days old -- WLTB Custom Button Feeds
07/07/2007 23:11:52 (DIR) 0 byte 1 days old -- _avast4_
07/07/2007 23:42:52 (DIR) 0 byte 1 days old -- F-Secure
08/07/2007 10:01:06 (DIR) 0 byte 0 days old -- WPDNSE
08/07/2007 10:05:45 1539 byte 0 days old -- jusched.log
08/07/2007 10:50:31 16384 byte 0 days old -- ~DFDEA8.tmp
08/07/2007 10:50:31 (DIR) 0 byte 0 days old -- nsc1C.tmp

===================== REGISTRY SCAN =====================


-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
"nwiz"="nwiz.exe /installquiet"
"00THotkey"="C:\WINDOWS\System32\00THotkey.exe"
"000StTHK"="000StTHK.exe"
"Tpwrtray"="TPWRTRAY.EXE"
"TFncKy"="TFncKy.exe /Type 20"
"TosHKCW.exe"="\"C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe\""
"TFNF5"="TFNF5.exe"
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe"
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe"
"WooCnxMon"="C:\PROGRA~1\WANADOO\CnxMon.exe"
"WOOWATCH"="C:\PROGRA~1\WANADOO\Watch.exe"
"WOOTASKBARICON"="C:\PROGRA~1\WANADOO\TaskbarIcon.exe"
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe -startgui"
"Ulead Memory Card Detector"="C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0\Monitor.exe"
"TkBellExe"="\"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe\" -osboot"
"SunJavaUpdateSched"="\"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe\""

[Run\OptionalComponents]

[Run\OptionalComponents\IMAIL]
"Installed"="1"

[Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[Run\OptionalComponents\MSFS]
"Installed"="1"

-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
@SACL=
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"Yahoo! Pager"="\"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe\" -quiet"

-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

[run]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----

[Windows]
"AppInit_DLLs"=""

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----

[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"C:\WINDOWS\system32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\System32\stobject.dll"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
#### HKCR\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32 @="C:\WINDOWS\system32\WPDShServiceObj.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----

[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"

[Winlogon\GPExtensions]

[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Quota du disque Microsoft"
"DllName"=expand:"dskquota.dll"

[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"

[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="Security"

[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"="iedkcs32.dll"
"@="Internet Explorer Branding"

[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="EFS recovery"

[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"@="Installation de logiciel"
"DllName"=expand:"appmgmts.dll"

[Winlogon\Notify]

[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"

[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"

[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"StartShell"="WinlogonStartShellEvent"

[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001

[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"DllName"=expand:"sclgntfy.dll"

[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"

[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=expand:"WgaLogon.dll"

[Winlogon\Notify\WgaLogon\Settings]

[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"

[Winlogon\SpecialAccounts]

[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
@SACL=
"ParseAutoexec"="1"
"ExcludeProfileDirs"="Local Settings;Temporary Internet Files;Historique;Temp;Local Settings\Application Data\Microsoft\Outlook"
"BuildNumber"=dword:00000a28

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----

[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"

-----HKLM\System\CurrentControlSet\Control\Session Manager\-----

[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00\00"

[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----

[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

[RunOnceEx]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----

[RunServices]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

-----HKLM\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----

-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----

-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----

[Browser Helper Objects]
@SACL=

[Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
#### HKCR\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\InprocServer32 @="C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll"
"NoExplorer"=dword:00000001

[Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
@=""

[Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
#### HKCR\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\InprocServer32 @="C:\PROGRA~1\SPYBOT~1\SDHelper.dll"

[Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
#### HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InprocServer32 @="C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll"
"NoExplorer"=dword:00000001

[Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
#### HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\InprocServer32 @="C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"

[Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
#### HKCR\CLSID\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\InprocServer32 @="C:\Program Files\Windows Live Toolbar\msntb.dll"
@=""

[Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\NoExplorer]
@=dword:00000001

-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----

[UrlSearchHooks]
"{08C06D61-F1F3-4799-86F8-BE1A89362C85}"=""
#### HKCR\CLSID\{08C06D61-F1F3-4799-86F8-BE1A89362C85}\InprocServer32 @="C:\PROGRA~1\WANADOO\SEARCH~1.DLL"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="C:\WINDOWS\system32\ieframe.dll"
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=""
#### HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\InprocServer32 @="C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll"

-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder-----

[startupfolder]

-----HKCU\Control Panel\Desktop\-----

[Desktop]
"SCRNSAVE.EXE"="C:\WINDOWS\System32\logon.scr"

[Desktop\WindowMetrics]

-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----

[command]
@="\"%1\" /S"

-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----

[Command]
@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"

-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----

[URL]

[URL\DefaultPrefix]
@="http://"

[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"

-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----

[Lsa]
"Authentication Packages"=multi:"msv1_0\00\00"
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=multi:"kerberos\00msv1_0\00schannel\00wdigest\00\00"
"LsaPid"=dword:000002c8
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=multi:"scecli\00\00"
"ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001

[Lsa\AccessProviders]
"ProviderOrder"=multi:"Windows NT Access Provider\00\00"

[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

[Lsa\Audit]

[Lsa\Audit\PerUserAuditing]

[Lsa\Audit\PerUserAuditing\System]

[Lsa\Data]
@Class="5068435f"
"Pattern"=hex:33,ac,27,88,fa,1c,4f,07,06,ad,16,88,d4,00,aa,22,35,30,36,38,34,\
33,35,66,00,00,00,00,01,00,00,00,b0,01,00,00,b4,01,00,00,40,ca,06,00,5b,a5,\
b5,71,04,00,00,00,10,00,00,00,00,00,00,00,a1,2a,fd,bb

[Lsa\GBG]
@Class="a1861d82"
"GrafBlumGroup"=hex:06,01,fc,ea,6c,e6,1f,12,ec

[Lsa\JD]
@Class="98a0bb03"
"Lookup"=hex:a8,0f,8f,4c,08,54

[Lsa\Kerberos]

[Lsa\Kerberos\Domains]

[Lsa\Kerberos\SidCache]

[Lsa\msv1_0]
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[Lsa\Skew1]
@Class="fd2a5e37"
"SkewMatrix"=hex:54,e3,3e,36,ac,c2,9d,69,ee,f3,bc,a8,70,b3,e1,15

[Lsa\SSO]

[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[Lsa\SspiCache]
"Time"=hex:a0,ce,2b,74,6d,e3,c6,01

[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,82,47,21,f6,85,c4,01
"Type"=dword:00000031

[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,63,3d,27,f6,85,c4,01
"Type"=dword:00000031

[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,63,3d,27,f6,85,c4,01
"Type"=dword:00000031

-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----

[SharedAccess]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
"DisplayName"="Pare-feu Windows / Partage de connexion Internet"
"DependOnService"=multi:"Netman\00WinMgmt\00\00"
"DependOnGroup"=multi:"\00"
"ObjectName"="LocalSystem"
"Description"="Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique."

[SharedAccess\Epoch]
"Epoch"=dword:000024f9

[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"

[SharedAccess\Parameters\FirewallPolicy]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\cygwin\usr\X11R6\bin\XWin.exe"="C:\cygwin\usr\X11R6\bin\XWin.exe:*:Enabled:XWin"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\EasyPHP1-8\apache\Apache.exe"="C:\Program Files\EasyPHP1-8\apache\Apache.exe:*:Enabled:Apache"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Java\jdk1.5.0_11\jre\bin\java.exe"="C:\Program Files\Java\jdk1.5.0_11\jre\bin\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Program Files\Java\jdk1.5.0_11\bin\java.exe"="C:\Program Files\Java\jdk1.5.0_11\bin\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Java\jdk1.6.0_01\jre\bin\java.exe"="C:\Program Files\Java\jdk1.6.0_01\jre\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jdk1.6.0_01\bin\java.exe"="C:\Program Files\Java\jdk1.6.0_01\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\ARIS7.0\LocalServer\ASA9\win32\dbsrv9.exe"="C:\Program Files\ARIS7.0\LocalServer\ASA9\win32\dbsrv9.exe:*:Enabled:Adaptive Server Anywhere Network Server"
"C:\Program Files\ARIS7.0\arisserverw70.exe"="C:\Program Files\ARIS7.0\arisserverw70.exe:*:Enabled:arisserverw70"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:YServer Module"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"{E8B62110-F083-4205-9C36-79588ADFB064}"=dword:00000001
"{06A2198B-BF4E-41B7-916A-B1DA4D4607E0}"=dword:00000001

-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----

-----HKLM\Software\Microsoft\Ole-----

[Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,64,00,00,00,80,00,00,00,00,00,00,00,\
14,00,00,00,02,00,50,00,03,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,\
00,00,05,12,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,00,\
00,05,04,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,5f,84,1f,\
5e,2e,6b,49,ce,12,03,03,f4,01,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,\
5f,84,1f,5e,2e,6b,49,ce,12,03,03,f4,01,00,00
"EnableDCOM"="Y"
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
14,00,00,00,02,00,34,00,02,00,00,00,00,00,18,00,1f,00,00,00,01,02,00,00,00,\
00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,\
00,01,00,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,\
00,00,00,00,05,20,00,00,00,20,02,00,00
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
14,00,00,00,02,00,30,00,02,00,00,00,00,00,14,00,03,00,00,00,01,01,00,00,00,\
00,00,05,07,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,01,00,00,\
00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00

[Ole\AppCompat]

[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----

[Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[Security Center\Monitoring]

[Security Center\Monitoring\AhnlabAntiVirus]

[Security Center\Monitoring\ComputerAssociatesAntiVirus]

[Security Center\Monitoring\KasperskyAntiVirus]

[Security Center\Monitoring\McAfeeAntiVirus]

[Security Center\Monitoring\McAfeeFirewall]

[Security Center\Monitoring\PandaAntiVirus]

[Security Center\Monitoring\PandaFirewall]

[Security Center\Monitoring\SophosAntiVirus]

[Security Center\Monitoring\SymantecAntiVirus]

[Security Center\Monitoring\SymantecFirewall]

[Security Center\Monitoring\TinyFirewall]

[Security Center\Monitoring\TrendAntiVirus]

[Security Center\Monitoring\TrendFirewall]

[Security Center\Monitoring\ZoneLabsFirewall]

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----

[SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000
"RestoreStatus"=dword:00000001
"RestoreSafeModeStatus"=dword:00000001

[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{68E0937D-5A01-4A43-A73E-74F5193D0FF8}"

[SystemRestore\SnapshotCallbacks]
@=""

-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----

[VB and VBA Program Settings]

[VB and VBA Program Settings\Blaze Media Pro]

[VB and VBA Program Settings\Blaze Media Pro\Assoc Backups]

[VB and VBA Program Settings\CCleaner]

[VB and VBA Program Settings\CCleaner\Options]

[VB and VBA Program Settings\Euro Add-in]

[VB and VBA Program Settings\Euro Add-in\Wizard Options]

-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----

[MountPoints2]
@SACL=

[MountPoints2\A]
"BaseClass"="Drive"

[MountPoints2\C]
"BaseClass"="Drive"

[MountPoints2\D]
"BaseClass"="Drive"

[MountPoints2\E]
@SACL=
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,df,df,5f,5f,\
df,df,df,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,cf,5f,5f,5f,\
df,df,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,5f,5f,5f,5f,5f,00,00,00,01,00,00,00,08,\
00,00,00

[MountPoints2\{07ded1d0-b3f4-11d6-a6c0-00003990a3ec}]
@SACL=
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,df,df,5f,5f,\
df,df,df,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,01,00,ee,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,01,00,00,00,08,\
02,00,00

[MountPoints2\{07ded1d0-b3f4-11d6-a6c0-00003990a3ec}\shell]
@="None"

[MountPoints2\{07ded1d0-b3f4-11d6-a6c0-00003990a3ec}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[MountPoints2\{07ded1d0-b3f4-11d6-a6c0-00003990a3ec}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

[MountPoints2\{1d7b7d00-b4e9-11d6-98d0-806d6172696f}]
@SACL=
"BaseClass"="Drive"

[MountPoints2\{1d7b7d01-b4e9-11d6-98d0-806d6172696f}]
@SACL=
"BaseClass"="Drive"

[MountPoints2\{1d7b7d02-b4e9-11d6-98d0-806d6172696f}]
@SACL=
"BaseClass"="Drive"

[MountPoints2\{22c7f0f0-b4ea-11d6-98d1-00003989a3ec}]
@SACL=
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,df,df,5f,5f,\
df,df,df,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,01,00,ee,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,01,00,00,00,08,\
02,00,00

[MountPoints2\{22c7f0f0-b4ea-11d6-98d1-00003989a3ec}\shell]
@="None"

[MountPoints2\{22c7f0f0-b4ea-11d6-98d1-00003989a3ec}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[MountPoints2\{22c7f0f0-b4ea-11d6-98d1-00003989a3ec}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

[MountPoints2\{31cd9270-4f12-11db-a331-806d6172696f}]
"BaseClass"="Drive"

[MountPoints2\{31cd9271-4f12-11db-a331-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,cf,cf,5f,5f,\
5f,cf,cf,cf,5f,5f,5f,cf,cf,cf,5f,5f,cf,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,df,\
df,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,e0,00,00,00,08,00,00,00

[MountPoints2\{31cd9271-4f12-11db-a331-806d6172696f}\_Autorun]

[MountPoints2\{31cd9271-4f12-11db-a331-806d6172696f}\_Autorun\DefaultIcon]
@="D:\autorun.exe"

[MountPoints2\{31cd9272-4f12-11db-a331-806d6172696f}]
"BaseClass"="Drive"

[MountPoints2\{34945600-af65-11d6-a8bb-00003990a3ec}]
@SACL=
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,df,df,5f,5f,\
df,df,df,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,01,00,ee,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,01,00,00,00,08,\
02,00,00

[MountPoints2\{34945600-af65-11d6-a8bb-00003990a3ec}\shell]
@="None"

[MountPoints2\{34945600-af65-11d6-a8bb-00003990a3ec}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[MountPoints2\{34945600-af65-11d6-a8bb-00003990a3ec}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

[MountPoints2\{41cac291-4f30-11db-a337-4d6564696130}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,01,01,01,5f,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,02,00,00

[MountPoints2\{41cac291-4f30-11db-a337-4d6564696130}\shell]
@="None"

[MountPoints2\{41cac291-4f30-11db-a337-4d6564696130}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[MountPoints2\{41cac291-4f30-11db-a337-4d6564696130}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

[MountPoints2\{5be7cd90-aecf-11d6-8c4a-806d6172696f}]
@SACL=
"BaseClass"="Drive"

[MountPoints2\{5be7cd91-aecf-11d6-8c4a-806d6172696f}]
@SACL=
"BaseClass"="Drive"

[MountPoints2\{5be7cd92-aecf-11d6-8c4a-806d6172696f}]
@SACL=
"BaseClass"="Drive"

[MountPoints2\{75363550-b3f3-11d6-a6bf-806d6172696f}]
@SACL=
"BaseClass"="Drive"

[MountPoints2\{75363551-b3f3-11d6-a6bf-806d6172696f}]
@SACL=
"BaseClass"="Drive"

[MountPoints2\{75363552-b3f3-11d6-a6bf-806d6172696f}]
@SACL=
"BaseClass"="Drive"

[MountPoints2\{835390f0-af46-11d6-9db3-000039cea2ec}]
@SACL=
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,df,df,5f,5f,\
df,df,df,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,01,00,ee,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,01,00,00,00,08,\
02,00,00

[MountPoints2\{835390f0-af46-11d6-9db3-000039cea2ec}\shell]
@="None"

[MountPoints2\{835390f0-af46-11d6-9db3-000039cea2ec}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[MountPoints2\{835390f0-af46-11d6-9db3-000039cea2ec}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

[MountPoints2\{9bcc3880-af4b-11d6-9db6-000039cea2ec}]
@SACL=
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
df,df,df,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,cf,5f,5f,5f,\
00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,10,00,00,08,\
00,00,00

[MountPoints2\{b7491af1-b35b-11d6-ba8e-806d6172696f}]
@SACL=
"BaseClass"="Drive"

[MountPoints2\{b7491af2-b35b-11d6-ba8e-806d6172696f}]
@SACL=
"BaseClass"="Drive"

[MountPoints2\{b7491af3-b35b-11d6-ba8e-806d6172696f}]
@SACL=
"BaseClass"="Drive"

[MountPoints2\{b7491af4-b35b-11d6-ba8e-806d6172696f}]
@SACL=
"BaseClass"="Drive"

[MountPoints2\{c0230930-af64-11d6-a8ba-806d6172696f}]
@SACL=
"BaseClass"="Drive"

[MountPoints2\{c0230931-af64-11d6-a8ba-806d6172696f}]
@SACL=
"BaseClass"="Drive"

[MountPoints2\{c0230932-af64-11d6-a8ba-806d6172696f}]
@SACL=
"BaseClass"="Drive"

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

[AdvancedOptions]

[AdvancedOptions\INTERNATIONAL]
"Text"="International*"

[AdvancedOptions\INTERNATIONAL\IDN]
"Text"="Send IDN server names"

[AdvancedOptions\INTERNATIONAL\IDN_INFOBAR]
"Text"="Show Information bar for encoded addresses"

[AdvancedOptions\INTERNATIONAL\IDN_INTRANET]
"Text"="Send IDN server names for Intranet addresses"

[AdvancedOptions\INTERNATIONAL\IDN_SHOWPUNY]
"Text"="Always show encoded addresses"

[AdvancedOptions\INTERNATIONAL\UTF8_MAILTO]
"Text"="Use UTF-8 for mailto links"

[AdvancedOptions\INTERNATIONAL\UTF8_URL]
"Text"="Send UTF-8 URLs"

-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

-----HKLM\Software\Microsoft\Active Setup\Installed Components-----

[Installed Components]

[Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
"@="IE7 Uninstall Stub"
"ComponentID"="IEUDINIT"
"StubPath"="C:\WINDOWS\system32\ieudinit.exe"

[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"@="Lecteur Windows Media"
"ComponentID"="WMPACCESS"
"StubPath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"

[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig"

[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"@="Browser Customizations"
"ComponentiD"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
"@="Personnalisation du navigateur"
"ComponentID"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
"@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"

[Installed Components\{0291E591-EA41-4c82-8106-3DC6CE7F7664}]
#### HKCR\CLSID\{0291E591-EA41-4c82-8106-3DC6CE7F7664}\InprocServer32 @="C:\Program Files\Yahoo!\Common\yinsthelper.dll"

[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
"@="Microsoft VM"
"ComponentID"="JAVAVM"
"KeyFileName"="C:\WINDOWS\system32\msjava.dll"

[Installed Components\{0E92DD42-76F5-4EF2-B381-F9C1D72BE23D}]
"@="Security Update for Microsoft .NET Framework 2.0 (KB922770)"
"ComponentID"="KB922770"

[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
"@="Rendu VML (Vector Graphics Rendering)"
"ComponentID"="MSVML"

[Installed Components\{1325db73-d9f1-48f8-8895-6d814ec58889}]
"@="Mise à jour de sécurité pour Windows XP (KB913433)"
"ComponentID"="KB913433"

[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="NetShow"
"StubPath"=""

[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"=""
"@="Microsoft Windows Media Player 6.4"

[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
"@="DirectAnimation"
"ComponentID"="DirectAnimation"

[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
"@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"

[Installed Components\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}]
#### HKCR\CLSID\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}\InprocServer32 @="C:\Program Files\Yahoo!\Common\yinsthelper.dll"

[Installed Components\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}]
#### HKCR\CLSID\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}\InprocServer32 @="C:\Program Files\Yahoo!\Common\yinsthelper.dll"

[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
"@="Liaison de données Dynamic HTML pour Java"
"ComponentID"="TridataJava"

[Installed Components\{3A4550A3-454F-42F1-457D-6076225003F6}]
"ComponentID"="NetShow"

[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"@="Offline Browsing Pack"
"ComponentID"="MobilePk"

[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
"@="Uniscribe"
"ComponentID"="USP10"

[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
"@="Création avancée"
"ComponentID"="AdvAuth"

[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"

[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
"@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"

[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
"@="DirectShow"
"ComponentID"="activemovie"

[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
"@="DirectDrawEx"
"ComponentID"="DirectDrawEx"

[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
"@="Internet Explorer Help"
"ComponentID"="HelpCont"

[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
"@="Classes Java DirectAnimation"
"ComponentID"="DAJava"

[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
"@="Microsoft Windows Script 5.6"
"ComponentID"="MSVBScript"

[Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"
"@="Windows Messenger 4.7"
"KeyFileName"="C:\Program Files\Messenger\msmsgs.exe"

[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"

[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
"@="Internet Explorer Setup Tools"
"ComponentID"="GenSetup"

[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"@="Browsing Enhancements"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\System32\msieftp.dll"

[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
"@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub"

[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
"@="MSN Site Access"
"ComponentID"="MSN_Auth"

[Installed Components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
"ComponentID"=".NETFramework"
"@=".NET Framework"

[Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
"@="Dossiers Web"
"ComponentID"="WebFolders"
"StubPath"=""

[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"@="Carnet d'adresses 6"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"@="Mise à jour du Bureau Windows"
"ComponentID"="IE4Shell_NT"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"@="Internet Explorer"
"ComponentID"="BASEIE40_W2K"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -BaseSettings"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]

[Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"StubPath"="C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install"
"ComponentID"="DOTNETFRAMEWORKS"

[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
"@="Dynamic HTML Data Binding"
"ComponentID"="Tridata"

[Installed Components\{967B098A-042D-4367-BAC9-8BC11684174F}]
"@="Security Update for Microsoft .NET Framework 2.0 (KB917283)"
"ComponentID"="KB917283"

[Installed Components\{A17E30C4-A9BA-11D4-8673-60DB54C10000}]
#### HKCR\CLSID\{A17E30C4-A9BA-11D4-8673-60DB54C10000}\InprocServer32 @="C:\PROGRA~1\Yahoo!\Common\ymmapi.dll"

[Installed Components\{AA218328-0EA8-4D70-8972-E987A9190FF4}]
#### HKCR\CLSID\{AA218328-0EA8-4D70-8972-E987A9190FF4}\InprocServer32 @="C:\PROGRA~1\Yahoo!\Common\ymmapi.dll"

[Installed Components\{B6B0F76A-873E-438E-BC25-6704193DD344}]
"ComponentID"="KB926749"
"@="Microsoft Visual C# 2005 Express - FRA Service Pack 1 (KB926749)"

[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
"@="Internet Explorer Core Fonts"
"ComponentID"="Fontcore"

[Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
"@="Planificateur de tâches"
"ComponentID"="MSTASK"

[Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"

[Installed Components\{D07A13F7-D30C-47DD-AD95-7D0105811327}]
"ComponentID"="KB926751"
"@="Microsoft Visual Web Developer 2005 Express - FRA Service Pack 1 (KB926751)"

[Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
"@="Adobe Flash Player 9 ActiveX"
"ComponentID"="Flash"

[Installed Components\{D7B44F3E-77D3-44C5-8E03-4222D9A18B7B}]
"@="Q321232"
"ComponentID"="Q321232"

[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
"@="HTML Help"
"ComponentID"="HTMLHelp"

[Installed Components\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}]
"ComponentID"="Yahoo! Messenger"

[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
"@="Active Directory Service Interface"
"ComponentID"="ADSI"

[Installed Components\{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}]
"ComponentID"=".NETFramework"
"@=".NET Framework"

-----Comparing registry keys CCS1 vs CCS2 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswTdi\Parameters ProviderStart REG_DWORD 3 (0x3)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\aswTdi\Parameters ProviderStart REG_DWORD 1 (0x1)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {B8A62DE1-C911-47C2-AB37-1E57060C3B45} REG_BINARY 0F00000000000000000000000000000038A09046F900000000000000000000000000000038A090460100000000000000000000000000000038A090462B00000000000000000000000000000038A090462C00000000000000000000000000000038A090460600000000000000000000000000000038A09046
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Dhcp\Parameters {B8A62DE1-C911-47C2-AB37-1E57060C3B45} REG_BINARY 0F0000000000000000000000000000005C809046F90000000000000000000000000000005C809046010000000000000000000000000000005C8090462B0000000000000000000000000
0
Réponse 6 / 7
Utilisateur anonyme
8 juil. 2007 à 11:10
Eh bah ....

Télécharge et installe AVG anti-spyware : mets le à jour
Tu fais un scan complet de ton système, dès qu'il a fini.
Si il te trouve des espions,supprime les. Enregistre le rapport et colle le ici stp

Téléchargeable et tutoriel sur cette page :
--> http://redir.fr/gsel
0
fhme
8 juil. 2007 à 19:24
Et voici le rapport AVG :
____________________________________________________________________________________
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 15:38:16 08/07/2007

+ Résultat de l'analyse:

Rien à signaler.

Fin du rapport
____________________________________________________________________________________
0
Réponse 7 / 7
Utilisateur anonyme
8 juil. 2007 à 21:52
Bah euh franchement ..... j'vois rien là !

Fais ce scan anti-virus en ligne avec Internet Explorer, accepte l'active X; la barre anti-popup du SP2(en haut) va se mettre à clignoter, clique dessus et choisit "accepter l'active X" pour faire fonctionner le scan anti-virus.
Une fois qu'il a terminé colle le rapport ici stp

---> https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr

- Démarrer Online Scanner
- Accept
- Scanne complétement ton (tes) disques dur
0
fhme
15 juil. 2007 à 09:00
Bonjour,

Encore une fois toutes les fenetre du navigateur se sont fermé et j'ai eu le mem message, qui me propose de téléchager le logiciel malveillant !
J'ai fait le scan en ligne et voici le rapport :
_______________________________________________________
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, July 13, 2007 7:23:36 AM
Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 13/07/2007
Enregistrements dans la base antivirus Kaspersky : 339451
-------------------------------------------------------------------------------

Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai

Cible de l'analyse - Poste de travail:
A:\
C:\
D:\

Statistiques de l'analyse:
Total d'objets analysés: 103982
Nombre de virus trouvés: 0
Nombre d'objets infectés: 0 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 03:30:39

Nom de l'objet infecté / Nom du virus / Dernière action
C:\Documents and Settings\helali\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\helali\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\helali\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\helali\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\helali\Local Settings\Temp\~DF2415.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\helali\Local Settings\Temp\~DF242D.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\helali\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\helali\ntuser.dat L'objet est verrouillé ignoré
C:\Documents and Settings\helali\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temp\Perflib_Perfdata_7d0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt L'objet est verrouillé ignoré
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf L'objet est verrouillé ignoré
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf L'objet est verrouillé ignoré
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf L'objet est verrouillé ignoré
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf L'objet est verrouillé ignoré
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf L'objet est verrouillé ignoré
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf L'objet est verrouillé ignoré
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf L'objet est verrouillé ignoré
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf L'objet est verrouillé ignoré
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG L'objet est verrouillé ignoré
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_1060.trc L'objet est verrouillé ignoré
C:\Program Files\Sygate\SPF\debug.log L'objet est verrouillé ignoré
C:\Program Files\Sygate\SPF\rawlog.log L'objet est verrouillé ignoré
C:\Program Files\Sygate\SPF\seclog.log L'objet est verrouillé ignoré
C:\Program Files\Sygate\SPF\syslog.log L'objet est verrouillé ignoré
C:\Program Files\Sygate\SPF\tralog.log L'objet est verrouillé ignoré
C:\System Volume Information\_restore{68E0937D-5A01-4A43-A73E-74F5193D0FF8}\RP262\change.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\EventCache\{C5E00F42-6FD5-4781-9EAC-0E8706ECBFB7}.bin L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Antivirus.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\DEFAULT L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SOFTWARE L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SYSTEM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\Temp\Perflib_Perfdata_608.dat L'objet est verrouillé ignoré
C:\WINDOWS\Temp\_avast4_\Webshlock.txt L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré

Analyse terminée.

_______________________________________________________
0